Fully Synthesizable Unified True Random Number Generator and Cryptographic Core

Abstract

This paper introduces a novel class of architectures that unify true random number generation and private-key cryptography by reusing the cryptographic core for both tasks. The unified architecture is well suited for low-cost constrained secure integrated systems, in view of the inherent area efficiency and the low design effort entailed by conventional automated design flows. Clock pulse over-stretching in pulsed latch clocking generates randomness by inducing metastability and jittered oscillations. Shannon confusion and diffusion in the cryptographic datapath enforce high entropy and robustness against variations. Conventional cryptographic operation is alternatively performed at moderate clock pulsewidths. A 40-nm CMOS testchip demonstrates the proposed unified architecture with a compact area of 0.43 <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$\cdot 10^{6}~F^{2}$ </tex-math></inline-formula> ( <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$F\,\,=$ </tex-math></inline-formula> minimum feature size), based on a SIMON cryptographic core. The true random number generator (TRNG) output shows cryptographic-grade quality without any calibration across dice, process (across two manufacturing lots), voltage, and temperature variations. Energy per encryption down to 0.25 pJ/bit is demonstrated. Unification of TRNG and the cryptographic core results in inherent data locality and obfuscation of key generation within logic, improving the resilience to physical attacks.